[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less
From: |
Markus Armbruster |
Subject: |
Re: [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less |
Date: |
Sat, 10 Aug 2019 21:34:17 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
Alex Bennée <address@hidden> writes:
> Markus Armbruster <address@hidden> writes:
>
>> Philippe Mathieu-Daudé <address@hidden> writes:
>>
>>> On 8/9/19 8:46 AM, Markus Armbruster wrote:
>>>> In my "build everything" tree, changing qemu/main-loop.h triggers a
>>>> recompile of some 5600 out of 6600 objects (not counting tests and
>>>> objects that don't depend on qemu/osdep.h). It includes block/aio.h,
>>>> which in turn includes qemu/event_notifier.h, qemu/notify.h,
>>>> qemu/processor.h, qemu/qsp.h, qemu/queue.h, qemu/thread-posix.h,
>>>> qemu/thread.h, qemu/timer.h, and a few more.
>>>>
>>>> Include qemu/main-loop.h only where it's needed. Touching it now
>>>> recompiles only some 1700 objects. For block/aio.h and
>>>> qemu/event_notifier.h, these numbers drop from 5600 to 2800. For the
>>>> others, they shrink only slightly.
>>>>
>>>> Signed-off-by: Markus Armbruster <address@hidden>
>>>> ---
>>> [...]
>>>> diff --git a/include/sysemu/sysemu.h b/include/sysemu/sysemu.h
>>>> index 77f5df59b0..ac18a1184a 100644
>>>> --- a/include/sysemu/sysemu.h
>>>> +++ b/include/sysemu/sysemu.h
>>>> @@ -5,7 +5,6 @@
>>>> #include "qapi/qapi-types-run-state.h"
>>>> #include "qemu/timer.h"
>>>> #include "qemu/notify.h"
>>>> -#include "qemu/main-loop.h"
>>>> #include "qemu/bitmap.h"
>>>> #include "qemu/uuid.h"
>>>> #include "qom/object.h"
>>>
>>> netmap failing again :S
>>>
>>> $ make docker-image-debian-amd64 V=1 DEBUG=1
>>> [...]
>>> CC net/netmap.o
>>> net/netmap.c: In function 'netmap_update_fd_handler':
>>> net/netmap.c:109:5: error: implicit declaration of function
>>> 'qemu_set_fd_handler' [-Werror=implicit-function-declaration]
>>> qemu_set_fd_handler(s->nmd->fd,
>>> ^~~~~~~~~~~~~~~~~~~
>>> net/netmap.c:109:5: error: nested extern declaration of
>>> 'qemu_set_fd_handler' [-Werror=nested-externs]
>>
>> I managed to lose the fix somehow.
>>
>> I admit I ran "make docker-test-build", realized docker needs root, and
>> went "sod it, cross fingers & send out the patches".
>
> I've sent some patches to make docker-test-build more closely resemble
> what shippable exercises.
>
> As for root you can setup a docker group and do it that way (see the
> docs in docs/devel/testing.rst). It's not recommended for production
> machines as it makes escalation fairly trivial (the daemon itself still
> runs as root).
As Dan Walsh explained in a blog post[*], access to the docker socket is
equivalent to root. Might be okay on a throwaway or special-purpose
box, but definitely not on my desktop.
The solution the blog post recommends for now is sudo with password,
which I consider only marginally better: instead of leaving the safe
door open, we install a security camera to log access to the safe,
*then* leave the safe door open. Just in case whoever helps himself to
the contents of the safe is too lazy to help himself to the logs, too.
In the great tradition of throwing security under the bus to get work
done, I set up sudo. Avoiding NOPASSWD: turns out to be impractical.
Running "make docker-test-build" fails for me on master (v4.1.0-rc4),
details appended.
> Hopefully Marc's podman support:
>
> Subject: [PATCH v2 0/5] tests/docker: add podman support
> Date: Tue, 9 Jul 2019 23:43:25 +0400
> Message-Id: <address@hidden>
>
> will make these requirements a little less onerous.
Sounds like a much needed upgrade to me.
[...]
[*]
https://www.projectatomic.io/blog/2015/08/why-we-dont-let-non-root-users-run-docker-in-centos-fedora-or-rhel/
My failure:
$ make -C bld docker-test-build
make: Entering directory '/work/armbru/qemu/bld'
BUILD centos7
make[1]: Entering directory '/work/armbru/qemu/bld'
GEN /work/armbru/qemu/bld/docker-src.2019-08-10-07.29.32.8915/qemu.tar
COPY RUNNER
RUN test-build in qemu:centos7
[...]
make[1]: Leaving directory '/work/armbru/qemu/bld'
BUILD debian9
BUILD debian-amd64
make[1]: Entering directory '/work/armbru/qemu/bld'
GEN /work/armbru/qemu/bld/docker-src.2019-08-10-07.30.18.17180/qemu.tar
COPY RUNNER
RUN test-build in qemu:debian-amd64
[...]
install -c -m 0644 /tmp/qemu-test/build/trace-events-all
"/tmp/qemu-test/build/=destdir/tmp/qemu-test/install/share/qemu/trace-events-all"
Error in atexit._run_exitfuncs:
Traceback (most recent call last):
File "/usr/lib64/python2.7/atexit.py", line 24, in _run_exitfuncs
func(*targs, **kargs)
File "/work/armbru/qemu/tests/docker/docker.py", line 234, in _kill_instances
return self._do_kill_instances(True)
File "/work/armbru/qemu/tests/docker/docker.py", line 213, in
_do_kill_instances
for i in self._output(cmd).split():
File "/work/armbru/qemu/tests/docker/docker.py", line 239, in _output
**kwargs)
File "/usr/lib64/python2.7/subprocess.py", line 223, in check_output
raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command '['sudo', 'docker', 'ps', '-q']' returned non-zero
exit status 1
Error in sys.exitfunc:
Traceback (most recent call last):
File "/usr/lib64/python2.7/atexit.py", line 24, in _run_exitfuncs
func(*targs, **kargs)
File "/work/armbru/qemu/tests/docker/docker.py", line 234, in _kill_instances
return self._do_kill_instances(True)
File "/work/armbru/qemu/tests/docker/docker.py", line 213, in
_do_kill_instances
for i in self._output(cmd).split():
File "/work/armbru/qemu/tests/docker/docker.py", line 239, in _output
**kwargs)
File "/usr/lib64/python2.7/subprocess.py", line 223, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['sudo', 'docker', 'ps', '-q']'
returned non-zero exit status 1
CLEANUP /work/armbru/qemu/bld/docker-src.2019-08-10-07.30.18.17180
make[1]: Leaving directory '/work/armbru/qemu/bld'
BUILD debian-arm64-cross
Traceback (most recent call last):
File "/work/armbru/qemu/tests/docker/docker.py", line 615, in <module>
sys.exit(main())
File "/work/armbru/qemu/tests/docker/docker.py", line 611, in main
return args.cmdobj.run(args, argv)
File "/work/armbru/qemu/tests/docker/docker.py", line 366, in run
dkr = Docker()
File "/work/armbru/qemu/tests/docker/docker.py", line 193, in __init__
self._command = _guess_docker_command()
File "/work/armbru/qemu/tests/docker/docker.py", line 65, in
_guess_docker_command
commands_txt)
Exception: Cannot find working docker command. Tried:
docker
sudo docker
make: *** [/work/armbru/qemu/tests/docker/Makefile.include:53:
docker-image-debian-arm64-cross] Error 1
make: Leaving directory '/work/armbru/qemu/bld'
There are a few SELinux gripes in my logs, like this one:
type=AVC msg=audit(1565418107.93:125036): avc: denied { module_request } for
pid=19599 comm="configure" kmod="binfmt-464c"
scontext=system_u:system_r:container_t:s0:c611,c653
tcontext=system_u:system_r:kernel_t:s0 tclass=system permissive=0
- [Qemu-devel] [PATCH v3 25/29] numa: Move remaining NUMA declarations from sysemu.h to numa.h, (continued)
- [Qemu-devel] [PATCH v3 25/29] numa: Move remaining NUMA declarations from sysemu.h to numa.h, Markus Armbruster, 2019/08/09
- [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less, Markus Armbruster, 2019/08/09
- Re: [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less, Philippe Mathieu-Daudé, 2019/08/09
- Re: [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less, Markus Armbruster, 2019/08/09
- Re: [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less, Philippe Mathieu-Daudé, 2019/08/09
- Re: [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less, Alex Bennée, 2019/08/09
- Re: [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less,
Markus Armbruster <=
- Re: [Qemu-devel] [PATCH v3 20/29] Include qemu/main-loop.h less, Philippe Mathieu-Daudé, 2019/08/12
- [Qemu-devel] Running docker cross-tests with SELinux (was: Re: [PATCH v3 20/29] Include qemu/main-loop.h less), Philippe Mathieu-Daudé, 2019/08/15
[Qemu-devel] [PATCH v3 14/29] migration: Move the VMStateDescription typedef to typedefs.h, Markus Armbruster, 2019/08/09
[Qemu-devel] [PATCH v3 29/29] sysemu: Split sysemu/runstate.h off sysemu/sysemu.h, Markus Armbruster, 2019/08/09
[Qemu-devel] [PATCH v3 23/29] numa: Don't include hw/boards.h into sysemu/numa.h, Markus Armbruster, 2019/08/09
[Qemu-devel] [PATCH v3 18/29] Include hw/hw.h exactly where needed, Markus Armbruster, 2019/08/09
[Qemu-devel] [PATCH v3 15/29] Include migration/vmstate.h less, Markus Armbruster, 2019/08/09
Re: [Qemu-devel] [PATCH v3 00/29] Tame a few "touch this, recompile the world" headers, no-reply, 2019/08/09
Re: [Qemu-devel] [PATCH v3 00/29] Tame a few "touch this, recompile the world" headers, Philippe Mathieu-Daudé, 2019/08/09